1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2020:1068

[RHSA-2020:1068] squid security and bug fix update

Severity Moderate
Affected Packages 12
CVEs 3
Info Packages References Vulnerabilities

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

  • squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024)

  • squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027)

  • squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Package Affected Version
pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7 < 3.5.20-15.el7
pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7 < 3.5.20-15.el7
ID
RHSA-2020:1068
Severity
moderate
URL
https://access.redhat.com/errata/RHSA-2020:1068
Published
2020-03-31T00:00:00
(4 years ago)
Modified
2020-03-31T00:00:00
(4 years ago)
Rights
Copyright 2020 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/squid?arch=x86_64&distro=redhat-7 redhat squid < 3.5.20-15.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/squid?arch=s390x&distro=redhat-7 redhat squid < 3.5.20-15.el7 redhat-7 s390x
Affected pkg:rpm/redhat/squid?arch=ppc64le&distro=redhat-7 redhat squid < 3.5.20-15.el7 redhat-7 ppc64le
Affected pkg:rpm/redhat/squid?arch=ppc64&distro=redhat-7 redhat squid < 3.5.20-15.el7 redhat-7 ppc64
Affected pkg:rpm/redhat/squid-sysvinit?arch=x86_64&distro=redhat-7 redhat squid-sysvinit < 3.5.20-15.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/squid-sysvinit?arch=s390x&distro=redhat-7 redhat squid-sysvinit < 3.5.20-15.el7 redhat-7 s390x
Affected pkg:rpm/redhat/squid-sysvinit?arch=ppc64le&distro=redhat-7 redhat squid-sysvinit < 3.5.20-15.el7 redhat-7 ppc64le
Affected pkg:rpm/redhat/squid-sysvinit?arch=ppc64&distro=redhat-7 redhat squid-sysvinit < 3.5.20-15.el7 redhat-7 ppc64
Affected pkg:rpm/redhat/squid-migration-script?arch=x86_64&distro=redhat-7 redhat squid-migration-script < 3.5.20-15.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/squid-migration-script?arch=s390x&distro=redhat-7 redhat squid-migration-script < 3.5.20-15.el7 redhat-7 s390x
Affected pkg:rpm/redhat/squid-migration-script?arch=ppc64le&distro=redhat-7 redhat squid-migration-script < 3.5.20-15.el7 redhat-7 ppc64le
Affected pkg:rpm/redhat/squid-migration-script?arch=ppc64&distro=redhat-7 redhat squid-migration-script < 3.5.20-15.el7 redhat-7 ppc64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date